Danish Manufacturer to Pay $4.4m in OFAC Sanctions Settlement

On December 30, 2022, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a settlement with Danish multinational Danfoss for apparent Iran, Syria, and Sudan sanctions violations. According to the enforcement release, Danfoss agreed to pay $4,379,810 for 225 violations that occurred between 2013 and 2017.

During this time, Danfoss’ United Arab Emirates subsidiary directed customers in sanctioned jurisdictions to make payments to its bank account at the UAE branch of a US financial institution. While Danfoss disclosed the apparent violations in October 2017, OFAC deemed its submission did not qualify as a voluntary self-disclosure because the agency was already in “possession of relevant information.” 

However, the enforcement release notes that no evidence was found that Danfoss willfully used third-party payers to evade sanctions. The settlement amount reflects this, along with the fact that OFAC deemed the violations “non-egregious.”  

Sanctions Program Deficiencies 

Danfoss’ sanctions violations occurred due to deficiencies in its global sanctions compliance program. In addition to a lack of procedures to monitor subsidiary activities, management staff did not receive substantive training on US sanctions. OFAC highlights that these issues led to certain transactions not being escalated to the appropriate personnel, leading to violations of:

• The International Emergency Economic Powers Act
• The Iranian Transactions and Sanctions Regulations
• The Syrian Sanctions Regulations
• The Sudanese Sanctions Regulations

Following its investigation, OFAC determined a series of mitigating factors, including:

• Danfoss took quick action to ascertain the root causes of the conduct at issue
• It adopted more effective internal controls and procedures to prevent a recurrence of the violations, including new documentation to help employees identify sanctions compliance red flags
• Danfoss was highly cooperative in providing relevant information and responding to all OFAC requests for information promptly

Building a Risk-Based Sanctions Compliance Program 

In May 2019, OFAC released a Framework for OFAC Compliance Commitments to provide organizations with the agency’s perspective on the essential components of a sanctions compliance program. The guidance notes that while each risk-based sanctions compliance program will vary depending on a variety of factors – such as the company’s size, products, and geographic location(s) – they should incorporate at least five essential components of compliance:

• Management commitment: Having a solid senior management commitment to supporting a firm’s sanctions compliance program is one of the most important factors in determining its success. This includes ensuring compliance units have adequate resources and promoting a culture of compliance throughout the organization.
• Risk assessment: Conducting routine or ongoing risk assessments is a core tenant of adopting a risk-based approach to sanctions compliance. OFAC notes that while there is no “one-size-fits-all” risk assessment, the exercise should consist of a holistic review of the firm and assess its touchpoints to the outside world.
• Internal controls: These include policies and procedures to effectively identify, block, escalate, report, and keep records about activity that OFAC regulations may prohibit. 
• Testing and auditing: A comprehensive audit function within a sanctions compliance program ensures that firms identify program weaknesses and deficiencies. OFAC also notes it is the organization’s responsibility to enhance this program, including all program-related software, systems, and other technology, to remediate any identified compliance gaps.
• Training: An effective training program should be tailored to an entity’s risk profile and provided to all appropriate employees and stakeholders. OFAC’s guidance notes that training programs should provide job-specific knowledge based on need, communicate the sanctions compliance responsibilities for each employee, and hold employees accountable for sanctions compliance training through assessments. 

OFAC sanctions compliance also requires compliance teams to collect and analyze large amounts of data from various sources. Since managing this data manually is unfeasible and can lead to costly human errors, firms should seek to integrate suitable smart technology tools to help them achieve regulatory compliance.